package com.netease.task.config;



import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;



// 自定义的Realm
public class UserRealm extends AuthorizingRealm {

    // 认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String user = (String) token.getPrincipal();
        /*System.out.println("****认证****");*/
        if("buyer".equals(user)){
            return new SimpleAuthenticationInfo(user,"reyub","");
        }else if("seller".equals(user)){
            return new SimpleAuthenticationInfo(user,"relles","");
        }else{
            return null;
        }
    }

    // 授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        /*System.out.println("****授权****");*/
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // 拿到当前登录的对象
        Subject subject = SecurityUtils.getSubject();
        String currentUser = (String) subject.getPrincipal();

        // 设置当前用户的权限
        if("buyer".equals(currentUser)){
            info.addStringPermission("buyer:qx");
        }

        if("seller".equals(currentUser)){
            info.addStringPermission("seller:qx");
        }
        return info;
    }


}
